

<!DOCTYPE html>
<html lang="zh-CN" data-default-color-scheme=&#34;auto&#34;>



<head>
  <meta charset="UTF-8">
  <link rel="apple-touch-icon" sizes="76x76" href="/img/2.jpg">
  <link rel="icon" type="image/png" href="/img/2.jpg">
  <meta name="viewport"
        content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no, shrink-to-fit=no">
  <meta http-equiv="x-ua-compatible" content="ie=edge">
  
  <meta name="theme-color" content="#2f4154">
  <meta name="description" content="">
  <meta name="author" content="K">
  <meta name="keywords" content="">
  <title>docker-ELK日志采集 - K</title>

  <link  rel="stylesheet" href="https://cdn.staticfile.org/twitter-bootstrap/4.4.1/css/bootstrap.min.css" />


  <link  rel="stylesheet" href="https://cdn.staticfile.org/github-markdown-css/4.0.0/github-markdown.min.css" />
  <link  rel="stylesheet" href="/lib/hint/hint.min.css" />

  
    
    
      
      <link  rel="stylesheet" href="https://cdn.staticfile.org/highlight.js/10.0.0/styles/github-gist.min.css" />
    
  

  


<!-- 主题依赖的图标库，不要自行修改 -->

<link rel="stylesheet" href="//at.alicdn.com/t/font_1749284_ba1fz6golrf.css">



<link rel="stylesheet" href="//at.alicdn.com/t/font_1736178_kmeydafke9r.css">


<link  rel="stylesheet" href="/css/main.css" />

<!-- 自定义样式保持在最底部 -->


  <script  src="/js/utils.js" ></script>
  <script  src="/js/color-schema.js" ></script>
<meta name="generator" content="Hexo 5.2.0"></head>


<body>
  <header style="height: 70vh;">

    <div class="banner intro-2" id="background" parallax=true
         style="background: url('/img/1.jpg') no-repeat center center;
           background-size: cover;">
      <div class="full-bg-img">
        <div class="mask flex-center" style="background-color: rgba(0, 0, 0, 0.3)">
          <div class="container page-header text-center fade-in-up">
            <span class="h2" id="subtitle">
              
            </span>

            
              <div class="mt-3">
  
  
    <span class="post-meta">
      <i class="iconfont icon-date-fill" aria-hidden="true"></i>
      <time datetime="2020-12-15 17:00" pubdate>
        2020年12月15日 下午
      </time>
    </span>
  
</div>

<div class="mt-1">
  
    
    <span class="post-meta mr-2">
      <i class="iconfont icon-chart"></i>
      589 字
    </span>
  

  
    
    <span class="post-meta mr-2">
      <i class="iconfont icon-clock-fill"></i>
      
      
      9
       分钟
    </span>
  

  
  
</div>

            
          </div>

          
        </div>
      </div>
    </div>
  </header>

  <main>
    
      

<div class="container-fluid">
  <div class="row">
    <div class="d-none d-lg-block col-lg-2"></div>
    <div class="col-lg-8 nopadding-md">
      <div class="container nopadding-md" id="board-ctn">
        <div class="py-5" id="board">
          <article class="post-content mx-auto" id="post">
            <!-- SEO header -->
            <h1 style="display: none">docker-ELK日志采集</h1>
            
            <div class="markdown-body" id="post-body">
              <h2 id="ELK日志采集"><a href="#ELK日志采集" class="headerlink" title="ELK日志采集"></a>ELK日志采集</h2><ul>
<li>Elasticsearch：近实时的全文搜索引擎</li>
<li>Logstash：读取原始日志进行过滤和分析</li>
<li>Kibana：web图形页面</li>
</ul>
<table>
<thead>
<tr>
<th>192.168.100.211</th>
</tr>
</thead>
</table>
<blockquote>
<p>下载elk</p>
</blockquote>
 <pre><code class="hljs angelscript"><span class="hljs-string">[root@localhost ~]</span># docker pull sebp/elk:<span class="hljs-number">760</span>
</code></pre>
<blockquote>
<p>修改参数</p>
</blockquote>
 <pre><code class="hljs autoit">主机内存 最少<span class="hljs-number">4</span>g
[root<span class="hljs-symbol">@localhost</span> ~]<span class="hljs-meta"># echo <span class="hljs-string">&#x27;vm.max_map_count = 262144&#x27;</span> &gt;&gt; /etc/sysctl.conf </span>
[root<span class="hljs-symbol">@localhost</span> ~]<span class="hljs-meta"># sysctl -p</span>
vm.max_map_count = <span class="hljs-number">262144</span></code></pre>
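<blockquote>
<p>开启容器</p>
</blockquote>
<p>注意：下面的 <code>-p 5601:5601 -p 9200:9200 -p 5044:5044</code> 会把这三个端口发布到宿主机的所有网卡（后面 netstat 输出里的 <code>:::</code> 就是监听全部地址），而本文的步骤没有给 Elasticsearch 和 Kibana 配置任何账号密码，所以只适合隔离的实验网络。其他环境建议把映射写成 <code>-p 127.0.0.1:9200:9200</code> 这种绑定指定地址的形式，或者在网络层限制可访问的来源。</p>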
 <pre><code class="hljs angelscript"><span class="hljs-string">[root@localhost ~]</span># docker run -p <span class="hljs-number">5601</span>:<span class="hljs-number">5601</span> -p <span class="hljs-number">9200</span>:<span class="hljs-number">9200</span> -p <span class="hljs-number">5044</span>:<span class="hljs-number">5044</span> -itd --restart always -e ES_HEAP_SIZE=<span class="hljs-string">&quot;2g&quot;</span> -e LS_HEAP_SIZE=<span class="hljs-string">&quot;2g&quot;</span> --name elk sebp/elk:<span class="hljs-number">760</span>
<span class="hljs-number">16</span>b5fcbb44b23da6e1698ef041f0abd91e4f5a0f79c7fdd7bef8c9335419548a

# 查看是否启动
<span class="hljs-string">[root@localhost ~]</span># netstat -anput |grep docker
tcp6       <span class="hljs-number">0</span>      <span class="hljs-number">0</span> :::<span class="hljs-number">5601</span>                 :::*                    LISTEN      <span class="hljs-number">17140</span>/docker-proxy  
tcp6       <span class="hljs-number">0</span>      <span class="hljs-number">0</span> :::<span class="hljs-number">9200</span>                 :::*                    LISTEN      <span class="hljs-number">17129</span>/docker-proxy  
tcp6       <span class="hljs-number">0</span>      <span class="hljs-number">0</span> :::<span class="hljs-number">5044</span>                 :::*                    LISTEN      <span class="hljs-number">17151</span>/docker-proxy  
</code></pre>
<blockquote>
<p>访问页面<br> <code>192.168.100.211:5601</code></p>
</blockquote>
<p> <img src="/images/docker/elk1.png" srcset="/img/loading.gif"><br> <img src="/images/docker/elk2.png" srcset="/img/loading.gif"><br> <img src="/images/docker/elk3.png" srcset="/img/loading.gif"></p>
<ul>
<li>根据页面提示来在命令行内输入命令<br><img src="/images/docker/elk4.png" srcset="/img/loading.gif"></li>
<li>下面的操作是根据上面这张图来进行的</li>
</ul>
<hr>
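<blockquote>
<p>安装filebeat</p>
</blockquote>
<p>注意：下面 rpm 输出里的 <code>NOKEY</code> 警告表示本机没有导入 Elastic 的签名公钥，rpm 因此没有校验这个包的签名就完成了安装。更稳妥的做法是先执行 <code>rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch</code> 导入公钥，再用 <code>rpm --checksig filebeat-7.6.0-x86_64.rpm</code> 确认签名通过后再安装。</p>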
 <pre><code class="hljs angelscript"><span class="hljs-string">[root@localhost ~]</span># curl -L -O https:<span class="hljs-comment">//artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.6.0-x86_64.rpm</span>
 % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                Dload  Upload   Total   Spent    Left  Speed
<span class="hljs-number">100</span> <span class="hljs-number">23.5</span>M  <span class="hljs-number">100</span> <span class="hljs-number">23.5</span>M    <span class="hljs-number">0</span>     <span class="hljs-number">0</span>  <span class="hljs-number">4967</span>k      <span class="hljs-number">0</span>  <span class="hljs-number">0</span>:<span class="hljs-number">00</span>:<span class="hljs-number">04</span>  <span class="hljs-number">0</span>:<span class="hljs-number">00</span>:<span class="hljs-number">04</span> --:--:-- <span class="hljs-number">5677</span>k
<span class="hljs-string">[root@localhost ~]</span># sudo rpm -vi filebeat<span class="hljs-number">-7.6</span><span class="hljs-number">.0</span>-x86_64.rpm
警告：filebeat<span class="hljs-number">-7.6</span><span class="hljs-number">.0</span>-x86_64.rpm: 头V4 RSA/SHA512 Signature, 密钥 ID d88e42b4: NOKEY
软件包准备中...
filebeat<span class="hljs-number">-7.6</span><span class="hljs-number">.0</span><span class="hljs-number">-1.</span>x86_64
</code></pre>
<blockquote>
<p>修改配置文件</p>
</blockquote>
<ul>
<li><p>页面提示里写了，要指定 Elasticsearch 和 Kibana 的 IP</p>
</li>
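<li><p>另外还需要加入 docker 的日志文件才可以监控到数据。注意 <code>/var/lib/docker/containers/*/*.log</code> 包含本机所有容器的标准输出，其中如果有密码、令牌等敏感内容也会一并被采集；下面列出的改动里也没有为到 9200 和 5601 的连接配置 TLS 或账号。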
<pre><code class="hljs awk">[root@localhost ~]<span class="hljs-comment"># vim /etc/filebeat/filebeat.yml</span>
 <span class="hljs-comment"># 开启日志监控 24行</span>
  enabled: true
 <span class="hljs-comment"># 指定 docker的日志文件 29行</span>
   paths:
   - <span class="hljs-regexp">/var/</span>log/*.log
   - <span class="hljs-regexp">/var/</span>lib<span class="hljs-regexp">/docker/</span>containers<span class="hljs-regexp">/*/</span>*.log <span class="hljs-comment"># 这里是docker的日志文件</span>

 <span class="hljs-comment"># 指定kibana的ip和端口 125行</span>
   host: <span class="hljs-string">&quot;192.168.100.211:5601&quot;</span>
 <span class="hljs-comment"># 指定elasticsearch 的ip和端口  152行</span>
   hosts: [<span class="hljs-string">&quot;192.168.100.211:9200&quot;</span>]</code></pre>
<blockquote>
<p>照着页面提示启动filebeat</p>
</blockquote>
<pre><code class="hljs sql">  <span class="hljs-comment"># 启用 elasticsearch</span>
[root@localhost ~]<span class="hljs-comment"># sudo filebeat modules enable elasticsearch</span>
Enabled elasticsearch
<span class="hljs-comment"># 初始化</span>
[root@localhost ~]<span class="hljs-comment"># sudo filebeat setup</span>
Overwriting ILM policy is disabled. <span class="hljs-keyword">Set</span> <span class="hljs-string">`setup.ilm.overwrite:true`</span> <span class="hljs-keyword">for</span> enabling.
<span class="hljs-keyword">Index</span> setup finished.
Loading dashboards (Kibana must be running <span class="hljs-keyword">and</span> reachable)
Loaded dashboards
Setting up ML <span class="hljs-keyword">using</span> setup <span class="hljs-comment">--machine-learning is going to be removed in 8.0.0. Please use the ML app instead.</span>
See more: https://www.elastic.co/guide/en/elastic-stack-overview/<span class="hljs-keyword">current</span>/xpack-ml.html
Loaded machine learning job configurations
Loaded Ingest pipelines
<span class="hljs-comment"># 启动</span>
[root@localhost ~]<span class="hljs-comment"># sudo service filebeat start</span>
<span class="hljs-keyword">Starting</span> filebeat (via systemctl):                         [  确定  ]
</code></pre>
<blockquote>
<p>点击最后的蓝色按钮就可以了</p>
</blockquote>
<p><img src="/images/docker/elk5.png" srcset="/img/loading.gif"></p>
</li>
</ul>
<ul>
<li>测试数据日志是否被监控<pre><code class="hljs stata"> [root@localhost ~]# docker <span class="hljs-keyword">run</span> busybox <span class="hljs-keyword">sh</span> -c &#x27;<span class="hljs-keyword">while</span> true; <span class="hljs-keyword">do</span> echo <span class="hljs-string">&quot;hello_lmk&quot;</span>; <span class="hljs-keyword">sleep</span> 10s; done;&#x27;
 hello_lmk
# 该容器每10秒会输出一个 hello_lmk
#在elk中查看是否被采集到了</code></pre>
<img src="/images/docker/elk6.png" srcset="/img/loading.gif"></li>
</ul>

            </div>
            <hr>
            <div>
              <div class="post-metas mb-3">
                
                  <div class="post-meta mr-3">
                    <i class="iconfont icon-category"></i>
                    
                      <a class="hover-with-bg" href="/categories/docker/">docker</a>
                    
                  </div>
                
                
                  <div class="post-meta">
                    <i class="iconfont icon-tags"></i>
                    
                      <a class="hover-with-bg" href="/tags/docker/">docker</a>
                    
                  </div>
                
              </div>
              
                <p class="note note-warning">本博客所有文章是以学习为目的，如果有不对的地方可以一起交流沟通共同学习 邮箱:1248287831@qq.com！</p>
              
              
              
            </div>

            
          </article>
        </div>
      </div>
    </div>
    
      <div class="d-none d-lg-block col-lg-2 toc-container" id="toc-ctn">
        <div id="toc">
  <p class="toc-header"><i class="iconfont icon-list"></i>&nbsp;目录</p>
  <div id="tocbot"></div>
</div>

      </div>
    
  </div>
</div>

<!-- Custom -->


    
  </main>

  
  

  
    <div class="modal fade" id="modalSearch" tabindex="-1" role="dialog" aria-labelledby="ModalLabel"
     aria-hidden="true">
  <div class="modal-dialog modal-dialog-scrollable modal-lg" role="document">
    <div class="modal-content">
      <div class="modal-header text-center">
        <h4 class="modal-title w-100 font-weight-bold">搜索</h4>
        <button type="button" id="local-search-close" class="close" data-dismiss="modal" aria-label="Close">
          <span aria-hidden="true">&times;</span>
        </button>
      </div>
      <div class="modal-body mx-3">
        <div class="md-form mb-5">
          <input type="text" id="local-search-input" class="form-control validate">
          <label data-error="x" data-success="v"
                 for="local-search-input">关键词</label>
        </div>
        <div class="list-group" id="local-search-result"></div>
      </div>
    </div>
  </div>
</div>
  

  


<!-- SCRIPTS -->
<script  src="https://cdn.staticfile.org/jquery/3.4.1/jquery.min.js" ></script>
<script  src="https://cdn.staticfile.org/twitter-bootstrap/4.4.1/js/bootstrap.min.js" ></script>
<script  src="/js/debouncer.js" ></script>
<script  src="/js/main.js" ></script>

<!-- Plugins -->


  
    <script  src="/js/lazyload.js" ></script>
  



  



  <script defer src="https://cdn.staticfile.org/clipboard.js/2.0.6/clipboard.min.js" ></script>
  <script  src="/js/clipboard-use.js" ></script>



  <script defer src="https://busuanzi.ibruce.info/busuanzi/2.3/busuanzi.pure.mini.js" ></script>





  <script  src="https://cdn.staticfile.org/tocbot/4.11.1/tocbot.min.js" ></script>
  <script>
    // Set up the sidebar table of contents once the DOM is ready.
    $(document).ready(function () {
      // Top offset of the #board-ctn element; its negation is handed to
      // tocbot as headingsOffset.
      var boardOffsetTop = $('#board-ctn').offset().top;

      var tocOptions = {
        tocSelector: '#tocbot',
        contentSelector: '#post-body',
        headingSelector: 'h1,h2,h3,h4,h5,h6',
        linkClass: 'tocbot-link',
        activeLinkClass: 'tocbot-active-link',
        listClass: 'tocbot-list',
        isCollapsedClass: 'tocbot-is-collapsed',
        collapsibleClass: 'tocbot-is-collapsible',
        collapseDepth: 0,
        scrollSmooth: true,
        headingsOffset: -boardOffsetTop
      };
      tocbot.init(tocOptions);

      // Show the #toc panel only when at least one .toc-list-item element
      // exists (presumably generated by tocbot; confirm against the library).
      var hasEntries = $('.toc-list-item').length > 0;
      if (hasEntries) {
        $('#toc').css('visibility', 'visible');
      }
    });
  </script>



  <script  src="https://cdn.staticfile.org/typed.js/2.0.11/typed.min.js" ></script>
  <script>
    // Typed.js instance bound to the banner's #subtitle element; the second
    // string is the post title.
    var typed = new Typed('#subtitle', {
      strings: ['  ', "docker-ELK日志采集&nbsp;"],
      cursorChar: "_",
      typeSpeed: 70,
      loop: false,
    });

    // Stop immediately; typing is started from the DOM-ready callback below.
    typed.stop();

    $(function () {
      // Give the cursor element the same h2 class the subtitle span carries.
      $(".typed-cursor").addClass("h2");
      typed.start();
    });
  </script>



  <script  src="https://cdn.staticfile.org/anchor-js/4.2.2/anchor.min.js" ></script>
  <script>
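    // AnchorJS options: anchor placed to the right of the heading, shown on hover.
    anchors.options = {
      placement: "right",
      visible: "hover",
    };

    // Heading tags that receive an anchor, restricted to direct children of
    // .markdown-body.
    var el = "h1,h2,h3,h4,h5,h6".split(",");

    // The original loop wrote `for (item of el)` without declaring `item`,
    // which creates an implicit global (and throws in strict mode). Mapping
    // over the list keeps the loop variable local.
    var res = el.map(function (tag) {
      return ".markdown-body > " + tag;
    });

    anchors.add(res.join(", "));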
  </script>



  <script  src="/js/local-search.js" ></script>
  <script>
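    // Path handed to searchFunc (defined outside this block, presumably in
    // /js/local-search.js) as the search index location.
    var path = "/local-search.xml";
    var inputArea = document.querySelector("#local-search-input");

    // querySelector returns null when the search input is not on the page;
    // skip the binding in that case instead of throwing on a null assignment.
    if (inputArea) {
      // Run searchFunc on the first click only: the handler removes itself
      // after the first call.
      inputArea.onclick = function () {
        searchFunc(path, 'local-search-input', 'local-search-result');
        this.onclick = null;
      };
    }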
  </script>



  <script  src="https://cdn.staticfile.org/fancybox/3.5.7/jquery.fancybox.min.js" ></script>
  <link  rel="stylesheet" href="https://cdn.staticfile.org/fancybox/3.5.7/jquery.fancybox.min.css" />

  <script>
    // Wrap every zoomable image in an <a data-fancybox="images"> whose href
    // is the image's own src attribute.
    $('#post img:not(.no-zoom img, img[no-zoom]), img[zoom]').each(function () {
      var imageUrl = $(this).attr('src');
      var link = document.createElement('a');
      $(link).attr({ 'data-fancybox': 'images', href: imageUrl });
      $(this).wrap(link);
    });
  </script>















</body>
</html>
